
Re: More PATH fallout. Who decided this was a good idea?



Miloslav Trmač wrote:
> Jesse Keating wrote on Sun 07. 12. 2008 at 15:05 -0800:
>> On Mon, 2008-12-08 at 10:03 +1100, Andrew Bartlett wrote:
>>> Perhaps I'm a bit slow this morning, but vipw is forbidden but
>>> vi /etc/passwd isn't?
>> I think he means "forbidden by policy" in which using anything /but/ the
>> audit-able tools is "forbidden by policy".  If you're expecting
>> everybody to follow policy, why not just set policy that says "don't
>> hack this box".  That'll work right?
>
> Violations of "don't hack this box" don't generate audit messages that
> can be manually examined for actual intrusions.  Violations of "don't
> access /etc/shadow manually" do.

Is attempting an access that the kernel routinely prevents considered a violation? That is, if I type 'file /etc/*' on such a system should I expect the black helicopters to start firing? I don't see how accesses that are denied matter to anyone - or why anyone running the shadow-tools utility without permission to access the relevant files should bother anyone either.

--
  Les Mikesell
   lesmikesell gmail com

